Abstract: Boneh and Venkatesan have proposed a polynomial time algorithm for recovering a hidden element , where is prime, from rather short strings of the most significant bits of the residue of modulo for several randomly chosen . González Vasco and the first author have recently extended this result to subgroups of of order at least for all and to subgroups of order at least for almost all . Here we introduce a new modification in the scheme which amplifies the uniformity of distribution of the multipliers and thus extend this result to subgroups of order at least for all primes . As in the above works, we give applications of our result to the bit security of the Diffie-Hellman secret key starting with subgroups of very small size, thus including all cryptographically interesting subgroups.

J. Bourgain and S. V. Konyagin, ``Estimates for the number of sums and products and for exponential sums over subgroups in fields of prime order'', Comptes Rendus Mathematique, 337 (2003), 75-80. MR 1998834 (2004g:11067)